Meeting Notes - November 10th, 2016

When shopping on Amazon this holiday season, make sure to use our Amazon Smile link. It doesn't cost you anything extra and a portion of the price goes to OISF. It's a simple way to keep us running.

Discussion Stories

• Use this Amazon Smile link to support OISF
  • This won't cost you anything or make your purchases more expensive, this takes money from Amazon and gives it to us.
• Charles Monett's IP Camera Firmware Scripts
  • Scripts used in this month's presentation!
• Download the presentation slides right here: PDF / PPTX
• Politico's Morning Cyber Security Briefing
  • A daily dose of infosec policy and news
• Mirai Malware - Malware that has been terrorizing the internet via DDOS attacks
  • The 61 passwords used to spread Mirai
  • Mirai takes down Dyn, impacting Twitter, Spotify, Reddit, Netflix, and more
    • Attack strength can reach 1 Tbps
  • Mirai tries to take Liberia offline
  • Mirai Source Code Released
• Patch your Linux kernels! Dirty COW vulnerability announced and patched.
• Google discloses Windows zero-day before Microsoft releases patch

CubeSat Secure Communication Notes

We had a very interesting discussion on how to secure CubeSat communications, here are those notes:

• Limitations:

  • System limitations
    • 16Mhz Processor
    • 512 kb flash storage (~256 kb workable)
    • 80 kb RAM (unknown workable amount)
    • ~800 bits per second transfer rate
      • Only works when you can see the CubeSat
      • Uses a 16-byte command string
    • Most programming done in C
    • Runs freeRTOS
  • Needs something that will survive a VERY harsh environment
    • Radiation can randomly reset the system, corrupt memory, etc
  • Unknown transfer error rate
  • No guarantees on transfer delivery (think UDP)

• Good things:

  • An attacker breaching the system has little real consequence
    • The attacker could restart the device
    • The attacker could stop commands in progress or issue commands that the CubeSat doesn't need
    • The attacker cannot reprogram the device (firmware is set)
    • The attacker could break international radio regulations
      • This has no real effect on anyone
    • The attack could be annoying, but cannot cause damage

• Thoughts on securing the communications channel:

  • Encryption:
    • Diffie–Hellman key exchange
    • One-time pad (based on time window)
      • Size is limited on the device
    • Shared Secret (pre-shared key)
    • ED25519 Public Key Encryption
      • It was decided that public-key crypto is far too big to transmit
    • Double Ratchet Algorithm
      • Design to be self-healing
      • Doesn't require an always-on connection
      • Still probably too big to transmit...
  • Command signing?
  • DirectTV-style Memory Puzzle
    • Send the command as small pieces of useless memory and memory locations that a C program will put into a buffer
    • Once enough pieces have been send, the c program can re-arrage the resulting data into a legitimate command
    • Only the architect of the program knows the correct sequence and memory locations

• Other notes:

  • WolfSSL could be helpful here
  • DNP3 could be used as a communication template
  • Dynamic secrets could be helpful

OISF lives on your donations. Shake down your boss: Become a donor today. OISF is a 501c3 organization and donations are tax deductible. For more information, email info@ohioinfosec.org.